Re: 6to4 security questions
On Wednesday, November 20, 2002, at 01:08 PM, Tim Chown wrote:
Define a notable deployment. Windows XP comes with IPv6 support. It
isn't on by default, but with a few commands, IPv6 is on and 6to4 is
up. Mac OS X 10.2 (a.k.a. Jaguar) ships with IPv6 on and listening for
routing advertisements. With a command, 6to4 is on and the node has an
On Wed, Nov 20, 2002 at 08:48:45PM +0100, Jeroen Massar wrote:
Currently in Europe, at least, there are only a few 6to4 relays:
There are others (e.g. three I know of in the UK). How public they are
is another issue.
Just to put 6to4 in perspective for its current deployment, I am not
of any European NRENs that are using 6to4 to connect sites to their
IPv6 deployments. Everything is done by manually configured tunnels.
That's not to say 6to4 doesn't have a place (our students use it for
from their home networks, and it will work behind a NAT with tunnel
but it is perhaps more likely to be in large customer networks?
To play devil's advocate, who is using 6to4 in a notable deployment?
These releases require people to manually enable 6to4. It won't be long
before such technologies are enabled by default. Will the 6to4 relays
melt down? Perhaps. Will there be any incentive for people to deploy
6to4 relays or even maintain them if the traffic does pick up? At the
very least, it will be a sign that there is demand for IPv6
Is it reasonable to rely on ISPs supplying IPv6 to their customers? I
don't imagine I'll live to see the day that SBC hands out IPv6
addresses to DSL customers, and I'm only 25.
I see only one compelling reason to use IPv6 instead of IPv4, and
that's end to end connectivity (no NATs). The problem is, developers
are not going to deploy an IPv6 application if there are no clients
that have IPv6 addresses. Until there are applications that support
IPv6 and don't work over IPv4, there will be no demand for IPv6.
6to4 is a bootstrap technology that lets you get IPv6 out to a lot of
people, people that have no hope of getting IPv6 addresses from
shortsighted ISPs. With transition technologies like 6to4, developers
can count on IPv6 and writing their applications. If the applications
succeed and people are using IPv6, the demand may convince the ISPs to
Unfortunately, 6to4 will not work for everyone out there, especially
those behind a NAT. Vendors of NAT boxes are not implementing 6to4,
they don't see any demand. The shipworm/teredo draft is an interesting
proposal for getting IPv6 connectivity to nodes behind a NAT.
Unfortunately, the IETF seems to be totally uninterested.
If the transition to IPv6 relies on ISPs making a multi-billion dollar
gamble that deploying IPv6 without any customer demand will pay off,
IPv6 will never be widely deployed. Tunnel brokers don't scale, unless
they charge. If they charge, only corporations and the few individuals
that care enough will have IPv6 connectivity.